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Model developed by Redpill Linpro to help customers 
adopt to DevOps. 

Model intended to cover every aspect of a successful 
implementation of DevOps. 

Redpill Linpro will be able to assist in every phase of 
implementation of a DevOps led strategy. 

Redpill Linpro can provide cloud based tools and services 
to support your move to DevOps. 

Redpill Linpro can also assume the full responsibility for 
the implementation of a DevOps led strategy. 


The objective is to make organisations DevOps ready. 
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What is DevOps 
and why should you care? 


The digital transformation is bringing a lot of challenges for 
IT decision makers. One challenge is to make sure software solutions solve 
problems or create innovation, an other one is trying to keep up 
and deliver on business expectations. The sheer volume of projects and time 
constraints are overwhelming IT decision makers, 
their organizations and their ability to deliver. 


This does not only apply to new development 
or applications, but also to existing ones 
where users demand constant changes. 

This creates a continuous flow of required 
development and configuration modifications. 
One way of increasing the delivery capacity 
of IT organizations as a whole can be to adopt 
a DevOps-style of work to specify, design, 
develop, maintain, deploy and host applications. 
Several large organizations, in Scandinavia 
and elsewhere, have already adopted to this. 
Evidence points at working DevOps-style, 
increases the performance in several important 
areas of the above processes and increases IT's 
ability to deliver on business requirements for 
digital transformation related capabilities. 

A Wikipedia article about the subject (https:// 
en.wikipedia.org/wiki/DevOps) starts out by 
defining it as: 

DevOps is a set of software development practices that combine 
software development (Dev) and information-technology 
operations (Ops) to shorten the systems-development life cycle 
while delivering features, fixes, and updates frequently in close 
alignment with business objectives. 

And that is what DevOps is: It is about being 
able to iterate faster during development, with 
the help of tools and processes set in place that 
automate tasks. 


This puts oil into the machinery, make it run 
smoother, with less effort, not get stuck in 
procedures and manual tasks. 

A large part of adopting DevOps is starting to 
use tools for automation and there is a wide 
range of tools that can help you with that, 
but the largest part is based on the people 
and culture. Here is where agile software 
development comes into play. 

Agile software development 

You cannot talk about DevOps without talking 
about the agile methodology. The DevOps 
mentality is all about being agile, to be able to 
adapt, to iterate, have faster turn around, to 
self organize and have cross-functional teams. 
DevOps is a product of the agile software- 
development movement. So, in many ways 
it is not a new concept; It is a logical step in 
doing software development, because of what 
agile methodologies teach us. If your company 
is working with agile methodologies, it will 
be easier adopting DevOps-processes and 
technologies. 

Peoples culture 

DevOps is all about empowering people and 
communication, to break down the old wall 
between Operations and Developers, where 



we used to throw things back and forth with 
- in some cases - limited communication 
or understanding for each others process. 

The processes you set in place should make 
software development faster, easier and more 
secure, but above all, it should make you, your 
team, your company and your customers 
happier. Happier to cooperate, happier to 
develop and happier to deliver. Why? Because 
adopting a DevOps mindset is to oil the 
machine and increase efficiency. It will help you 
deliver faster, more secure and reliable. 

Agile software development comprises various approaches to 
software development under which requirements and solutions 
evolve through the collaborative effort of self-organizing and 
cross-functional teams and their customer(s)/end user(s). It 
advocates adaptive planning,evolutionary development, early 
delivery, and continual improvement, and it encourages rapid 
and flexible response to change. 

Quote from: 

https://en.wikipedia.org/wiki/Agile_software_development 

Before adopting DevOps 

Before adopting a DevOps mentality a 
company is often divided into silos where key 
expertise sits in their individual teams, where 
little to none communication with other teams 
take place, a deployment to production is 
often seen as a risky, scary process and often 
involves developer teams handing over code or 
artifacts to an Ops-team with the instruction: 
"Just upload it for production". Responsibility 
for the deploy is often a muddy concept: Is it 
the Development-team who made the new 
code or is it the Ops team who uploaded the 
new code to production? 

Code is rarely tested before going out 
to production because of an "it works on 
my machine" mentality. Also: production 
configuration, database changes etc., are rarely 
tested before deploying the new code. 

When bugs occur or things just flat out do not 
work, responsibility is nowhere to be seen and 
the blame-game starts from each side of the 
wall and it is a bad time for everyone involved. 


After adopting DevOps 

After adopting the DevOps mentality, 
Development-teams, and Ops-teams work 
closer together, the wall between the silos gets 
torn down, brick by brick and the teams work 
more together than apart. The Development- 
teams have gotten more responsibilities, 
possibilities and can iterate on their 
applications much faster since they have the 
power to deploy to production whenever they 
want. This power is not limitless, but processes 
and tools have been set up by Ops and the 
Development-teams together to test code and 
configuration before deploying all the way to 
production. The key here is: Automation. 

Your company will have much more stable 
releases of software than before because the 
teams can deploy more often, and since they 
have checks in place to test the failure rate will 
decrease radically. 


A study by the “The state of DevOps 2019” 
showed that failure rates will go down to 
0-15% for teams that deploy between once 
a week and once a 
month compared to 
about 40-60% for 
teams that deploy 
once a month or 
less. 


«failure rates will go 
down to 0-15% for 
teams that deploy 
between once a week 


Transparency and and onC£ > Q mont h« 
responsibility are on 
everyone’s shoulder. 

When bugs occur the teams adopt a more 
constructive approach: you solve the issue 
together and since you can deploy now faster, 
a bugfix is quickly delivered to production. 


With limited interference, everyone is much 
more understanding because everyone 
understands that blame leads to stress and 
stress can lead to even bigger mistakes. The 
teams act much more open and transparent 
when they are having issues because they 
know they will have fruitful and constructive 
criticism instead of a culture of blame. 





Where to start? 
Seven tips on the way 



Whether if you are at the beginning of your 
DevOps-journey or in the middle of it: there are a 
lot of different places along that journey that you 
can automate and optimize and here are some 
tips on what areas you can focus on. 


01. Standardize development-environments 

A big leap towards removing manual steps and 
dependencies of Ops-teams to fix your broken 
or old development-environments is to build a 
standardized and more general development- 
environment and a tool-set so they can work 
more reliably for each team. Using container- 
technologies like Docker here really helps 
with the rest of the process when it comes to 
automatic testing, security, and deployment. 

02. Open up for deployments 

A developer-team should be able to deploy 
whenever they need to. However, before 
you open this up you should see to it that the 
process involves as few steps as possible. It 
should also go through at least automatic 
testing as a part of that process, using some 
kind of CI/CD-tool with clearly defined steps. 

If one of the steps fails, for example, the testing 
step, the deployment should be aborted. The 
process should also include feedback to the 
development-team with the status of the 
deployment in order to have a fast feedback- 
route. 



You should not be afraid to launch a new 
release of your software, to do a deployment. 

If you are scared of deploying, you will be 
scared to even touch your software. 

This will lead to less innovation and without 
innovation software development stagnates. 
Fear is the mind-killer, fear kills innovation. 

03. Deployment-deceleration as code 

The steps in your pipeline for your deployment 
should be transparent and open for developers 
to change if needed because that empowers 
them to improve the process and there are no 
black boxes and responsibility is shared. 

04. Automatic testing 

Automatic testing should happen whenever 
developers push new code. The result of 
those tests should be visible to everyone and 
specifically the developer-teams, so they can 
respond to a failed test and push fixes for 
it. The testing should always be part of the 
deployment process so if a test fails it will not 
proceed to deploy the new code to production. 


05. Automatic security checks 

With tools like "Clair”, you can do security 
checks for your Docker-images and get 
feedback if any of its components require 
security updates. There are also tools to check 
code dependencies for security vulnerabilities 
and your application itself. If security updates 
were found, your deployment should abort and 
not proceed to deploy new code to production. 

You should always define the specific versions 
of your software dependencies and the 
software that is going to run it (Apache, 

Nginx, Varnish etc.). This makes updating your 
software easier and also more stable, because 
if you do not define the software-version 
you are dependent on, you can be hit with an 
upgrade to a version that your code cannot run 
on. 


06. Standardize production-environments 

Standardizing production-environments 
goes hand-in-hand with standardizing the 
development-environments since they 
should run the same Webserver, databases 
etc. It needs to run the same version of the 
operating-system, Webserver, database etc. 
and also the same configuration (as close as 
possible) as the development-environments. 

07. Deploy infrastructure as code 

Today's automation-tools and especially 
cloud-providers open up the possibility to 
define and deploy infrastructure as code. This 
helps both increasing your speed to setup 
new infrastructure and make changes as you 
go along, but also in documenting what your 
infrastructure actually looks like. 
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A tool for every stage 


Every stage and every problem has its tool and this is a 
list of the tools that can help you on your journey. This 
list is based upon the market today and what we at 



Cloud providers 

The flexibility of the technology 
that cloud providers offer is a big 
step in adopting DevOps. They 
have many tools and services that 
can enable you to both scale and 
adapt your technology stack with everything 
from virtual machines, Kubernetes-as-a- 
service, storage, database clustering and more. 


- Cloud provider with a lot of DevOps tools, 
Cl tools and also Microsoft unique 
services like AD but also general cloud 
services like: 

• Virtual machines Networks 

• Security groups (ports) 

• Storage 

- Block 

- Object 



There are commercial and self-hosted Open 
Source cloud providers. Whatever you choose 
is up to you and your needs. 

• Amazon AWS 
https://aws.amazon.com 

- The biggest cloud provider out there 
where you can create infrastructure like: 

• Virtual machines 

• Networks 

• Security groups (ports) 

• Storage 

- Block 

- Object 

• Database as a service 

• Logging as a service 

• Monitoring as a service 

• Kubernetes as a service 

• Machine learning 

• and much much more... 

• Microsoft Azure 
https://azure.microsoft.com 


• Database as a service 

• Logging as a service Monitoring as a 
service 

• Kubernetes as a service Machine 
learning 

• Active directory 

• and much much more... 

• Google cloud 

https://cloud.google.com 
- Googles hat in the mix of Cloud provider, 
their focus is a lot on containers and Al 
but of course services like: 

• Virtual machines Networks 

• Security groups (ports) 

• Storage 

- Block 

- Object 

• Database as a service 

• Logging as a service 

• Monitoring as a service 

• Kubernetes as a service 

• Machine learning 

• and much much more... 


• OpenStack 

https://www.openstack.org 

- The only Open Source self hosted cloud 
solution and is used by a lot in the 
Telecom industry and in Cern for example, 
for creating infrastructure like: 

• Virtual machines 

• Networks 

• Security groups (ports) 

• Storage 

- Block 

- Object 

- Since OpenStack is Open Source you can 
either set it up in your own data center or 
use a OpenStack hosting provider. 

Redpill Linpro offers OpenStack in: 

• Redpill Linpro Nordic Cloud 
https://www.redpill-linpro.com/ 
cloud/rlnc/compute.html 

Cl/CD 

To make sure that you deliver your 
new application to production 
and you are building artifacts or 
binaries reliably and predictable 
you need some kind of CI/CD- 
tool. There are a lot of options out there and 
some tools are better suited for certain tasks 
than others. 


• Self hosted and Free. 

• Pipeline definition in YAML 

• Each step in pipeline is a container 
which you run commands in. 

• Integration with Gogs, Github, 

Gitlab etc. 

• GitLab 

https://www.gitlab.com 

-Version control software built in (GIT). 

- Built in container registry. 

- Host your artifacts too. Pipeline definition 
in YAML. 

• Circled 

https:/ www.circleci.com 

- Licensed based self hosted and cloud 
hosted. 

- Integration with Github, Bitbucket. 

• Many Cloud provider have their own Cl/ 
CD tools but often with some what limited 
capabilities and integrated mostly to their 
ecosystem: 

-Azure DevOps - https://azure.microsoft. 
com/en-us/services/devops Amazon 

- Amazon AWS Pipeline - https://aws. 
amazon.com/ 

codepipeline 

- Google Cloud Build - https://console. 
cloud.google.com/cloud-build 







Jenkins 

https://jenkins.io 

-Probably the most used Cl/CD tool out 
there with tons of plugins for specific tasks 
and Pipeline support. 

• Self hosted and Free. 

• Deploy jobs in Bash. 

• Integrates well with Github. 

Drone 

https://drone.io 

- One of the newest tools where the steps 
in the pipeline you build are based on 
running docker containers. 



Infrastructure automation 

One of the largest steps in 
the "The 5 stages of DevOps 
evolution" is to bring in 
automation for creating and 
installing your infrastructure. 

These tools are mainly used to 
create infrastructure in the main four cloud 
providers, but they have support for many, 
many more providers, both smaller cloud and 
non-cloud providers. 




• Terraform 

https://www.terraform.io 

- Tool to define infrastructure as 
configuration files and cli tool to create, 
update and delete your infrastructure 
with support for both major cloud 
providers and smaller hosting providers 
with API integrations: 

• Amazon AWS 

• Google cloud 

• Microsoft Azure 

• OpenStack 

• Alibaba cloud 

• VMware vSphere 

• Heroku 

• and many, many more, see a full list 
here: https://www.terraform.io/docs/ 
providers/index.html 

- Can use tools like Ansible or Puppet to 
configure the infrastructure when it has 
been created. 

• Ansible 

https://www.ansible.com 

- Originally created to provision already 
existing infrastructure but the community 
has created modules for basically every 
cloud provider out there (see here for a 
full list: https:/docs.ansible.com/ansible/ 
latest/modules/list_of_cloud_modules. 
html). 

- Everything is declared in YAML-files. 

- Self documented. 


Container technology 

Container technology is one of 
the biggest paradigm shifts we 
have seen in the technology space 
in many years, and the adoption 
rate of it has skyrocketed because 
it standardizes environments, makes it 
repeatable, re-usable and disposable. It is 
being used in everything from development 
environments on Laptops to Satellites in space, 


running everything from Java, Python, .NET, 
Php, Go applications and is supported on both 
Linux, Windows and Mac. 

• Docker 

https://www.docker.com 

- The de-facto container software. 

- Like a small virtual machine where you 
have a OS (like Alpine, Ubuntu, CentOS 
etc.) you base your container on and 
install whatever software you need inside 
of it. 

- Enables you to ship your code, software 
and its configuration in the same 
"package". 

- Enables developers to work with the same 
software and configuration locally as is 
running on production. 

- Support for Linux, Windows and MacOS 
(MacOS has not quite as good support as 
Linux and Windows). 

• Docker compose 

https://docs.docker.com/compose 

- CLI tool that helps you start multiple 
containers at once that are tightly 
integrated (like a Webserver and a 
database server). 

- Structure of multi container setup is 
Defined in YAML. 

- Great for Developers when working 
locally on their computers. 

• Mount local files and directories. 

• Execute commands inside containers. 

• Expose ports to reach services inside 
the containers. 

Container orchestration 

With the rise of container 
technologies there were many 
companies in this space that was 
creating platforms to host and 
deploy containers, in the end 
we have seen a clear winner and 
that is Kubernetes and OpenShift (which has 
adopted Kubernetes as its base), 







there are other platforms but Kubernetes 
and OpenShift are the de facto standard 
and both of them have a huge community of 
companies like Google, Red Hat, Microsoft, 

IBM as well as well as thousands of individuals. 
(Source: https://www.stackalytics.com/ 
cncf?module=kubernetes) 

• Kubernetes 
https://kubernetes.io 

- Open source and able to host on both 
on-prem as well as on cloud provider 
infrastructure. 

-Almost all cloud providers has Kubernetes 
as a service: 

• Amazon EKS 

• Google GKE 

• Azure AKS 

• OpenStack Magnum 

• OpenShift 

https://www.openshift.com 

- A Kubernetes distribution. 

- Licensed with support from Red Hat 

- Pre-packaged software for monitoring 
and logging your Kubernetes cluster. 

- Pre-packaged with security policies. 

• K3S 
https://k3s.io 

- A Kubernetes distribution. 

- Intended for Edge, IOT, Cl and supports 
ARM architecture. 

• Low memory imprint (512mb) 

- All cloud integration has been 
removed (but can be added if 
needed) 

- Alpha and beta have been 
removed. 

- Ingress (Traefik) included and 
uses sqlite3 instead of etcd3 

- Easy to set up. 


• Docker swarm 

https://docs.docker.com/engine/swarm 

- Open source 

- Docker orchestration built in to Docker to 
be used to control multiple docker 
engines, running on different servers. 

Provisioning 

One of the first tools many 
DevOps engineer work with is 
tools to automate provisioning 
of servers, that is to say installing 
the software needed for your 
applications to in a declarative and automatic 
way, these tools are great because you actually 
have a repeatable and documented recipe of 
whats installed on your infrastructure. 

• Ansible 

https://www.ansible.com 

- Have modules for basically every Linux 
command and application you can think 
of and even has support for creating cloud 
infrastructure, (see full list of modules 
here: 

https://docs.ansible.com/ansible/latest/ 
modules/modules_by_category.html) - 

Everything is declared in YAML-files. 

- Self documented. 

• Puppet 

https://www.puppet.com 

- Configuration management and 
orchestration ecosystem with a rich set of 
modules and tasks to install and configure 
just about any service you can think of. 
Can work both as a centralized service or 
as a distributed or oneshot tool. 

• The Foreman 

https://www.theforeman.org/ 

- Lifecycle management tool that controls 
your servers from creation and OS 
install through application install and 
configuration, and finally decommisioning. 
Has many plugins and works particularly 
well with Puppet. 



Testing 

Testing your software is crucial 
when you do fast iterations of 
development, and this needs to be 
automated whenever a developer 
pushes new code, tests should be 
fired of and if they are successful 
it should be allowed in to the new release (if it 
passes security checks too) and if not it should 
not and the developer should be notified so a 
fix can be added and start the process again. 

• Selenium 

https://www.seleniumhq.org 

- Great for testing Web applications. 

- Support for most major programming 
languages. 

• Cypress 

https://www.cypress.io 

- Great for testing Web applications. 

- All tests are written in JS. 

- Tests can be monitored directly in your 
browser. 

• Language specific: 

- Tox (Python) - https://pypi.org/project/tox 

- JUnit (Java) - https://junit.org/junit5 

- NUnit (.NET) - https://nunit.org 

- MochaJS (JavaScript) - https://mochajs. 
org 

- PHPUnit (PHP) - https://phpunit.de 

Security 

Running security checks on both 
your application, the dependencies 
your application has, the Operating 
system and packages you have 
is also crucial to allow fast 
iterations of development cycles, specially 
if the developers should be able to deploy 
their updates to production themselves 
and adopting container technologies is very 
important to make this as smooth and fast as 
possible. 


• Clair 

https://github.com/coreos/clair 

- Used to scan docker images for security 
updates in both the image you base it on 
and the packages you install in it. 

• Detectify 

https://detectify.com 

- Great for doing security checks on your 
web application despite language. 

- Scans your web application for over 1500 
vulnerabilities, including OWASP Top 10, 
CORS as well as known Web framework 
security flaws. 

• Wapiti 

https://wapiti.sourceforge.net 

- Great for doing security checks on your 
web application despite language. 

- Like Detectify it scans your website for 
known attack vectors 

- Open Source 

• Sonatype OSS index 

https://ossi ndex.sonatype.org 

- Application package dependency scanning 
with support for languages like: 

• JavaScript 

• .NET 

• Python 

• Go 

• Ruby 

• Language specific 

- SensioLabs security checker (PH P) - 
https://github.com/sensiolabs/security- 
checker 

- Npm audit (JavaScript / NodeJS) - https:// 
docs.npmjs.com/auditing-package- 
dependencies-for-security-vulnerabilities 

Aggregated logging 

Having your applications sends 
logs to an aggregated logging 
tool is crucial for your teams, 
it empowers them to look at 
the logs from the system or 
their application in a standardized way 
and centralized place. It also enables the 





developers to create custom log messages and 
send to one of these tools since they offer APIs 
to connect to. 

• Elastic stack (ELK Stack) 

https://www.elastic.co/products/elastic- 

stack 

- Mainly a tool to aggregate logging in 
one place and where you can search 
and visualize your data with support for 
searching, sorting and filtering by time/ 
date period. You but you can also do 
monitoring for system resources. 

- The Elastic stack consists of: 

• Elasticsearch - https://www.elastic. 
co/products/elasticsearch 

• Kibana - https://www.elastic.co/ 
products/kibana 

• Logstash - https://www.elastic.co/ 
products/logstash 

• Beats - https://www.elastic.co/ 
products/beats 

- Open source 

• Graylog 

https://www.graylog.org 

- An aggregated logging tool with support 
for searching, sorting and filtering by 
time/date period. Has some visualization 
tools integrated to it, but mainly for 
aggregated logging. 

- Graylog consists of: 

• MongoDB - https://www.mongodb. 
com 

• Elasticsearch - https://www.elastic. 
co/products/elasticsearch 

- Open source 


when your issue occurred. What these tools 
also provide is alarms, so you can setup alarms 
if over X amounts of memory, cpu or disk is 
being used and then send you an Email, Slack 
message or telling a Cloud provider via their 
API to increase capacity for you infrastructure. 

• Prometheus with Grafana 
https://prometheus.io/ https:/ grafana. 
com 

- These two tools are great for doing 
resource monitoring on your server(s) 
and is very popular in the Kubernetes 
world to monitor your cluster resources. 

- Prometheus is the tool that collects the 
data from the servers and Grafana is a 
web based gui that visualize the resource 
usage. 

- Open source 

• New relic 
https://newrelic.com 

- Subscription based tool that can monitor 
your server resources but most famous 
for a tool that you inject into your 
application to monitor your application 
and what bottlenecks you have and 
makes suggestions where you can do 
optimizations. 

• Data dog 

https://www.datadoghq.com 

- Like New relic its a subscription based 
tool that you inject into your 
application to monitor your application 
and what bottlenecks you have and 
makes suggestions where you can do 
optimizations. 


Aggregated monitoring 

Aggregated logging and aggregated 
monitoring is a great combination 
when you need to debug issues, 
and with the help of time series 
functionality you can both check 
how your infrastructure behaved and your 
software behaved at that certain point of time 


Version control 

When it comes to version control 
of code GIT is the one tool that 
everyone uses nowadays across 
no matter what language you use, 
it has become de facto standard 
in any kind of development because of the 
fact that your code does not get pushed to a 
centralized repository at each commit, but 





instead whenever the developer chooses to do 
so. So here is a list of Git servers instead. 

• Github 

https://www.github.com 

- Industry standard for all Open source 
projects, no matter the language. 

- Free for Open source projects. 

-Paid subscription model for private 
repositories. 

• Gitlab - https://www.gitlab.com 

- Biggest Open source self hosted solution. 

- Has Cl tools integrated into it that has 
become very popular. 

- Great user management. 

- Built in docker container registry. 


- Paid version includes support for artifact 
repository for Maven, Npm and Full 
binaries. 

Bitbucket - https://bitbucket.org/product 

- Paid subscription model 

- Made by Atlassian and has integrations to 
Jira and Trello. 

- Built in Cl/CD tool. 

Gitea - https://www.gitea.io 

- Very light weight so it does not need a lot 
of memory resources. 

- Open source 

- Fork from the Gogs git repository server. 

Gogs - https://gogs.io 

- Very light weight so it does not need a lot 
of memory resources. 

- Open source 



We can: 

• Assist in every phase of implementation of a DevOps led strategy. 

• Provide cloud based tools and services to support your move to DevOps. 

• Assume the full responsibility for the implementation of a DevOps led strategy. 












Summary 

Organisations of today are faced with a lot of challenges and even 
though no one really knows what the future will bring and who will 
be successful in the conning years, one thing is for sure - a constant 
change will be required. It is our strong belief that a DevOps oriented 
approach to this demand for change (at least from an IT perspective) 
will be crucial to success. 

So, what to look for when choosing your DevOps project supplier? 
Here are a couple of suggestions: 

• Long experience of agile operations and DevOps 

• Core competencies within infrastructure and development 

• Experience from agile development methodologies 

• Long experience from leading Open Source tooling to support 
agility, automation, and self service 

• Involved in several customer projects to establish DevOps 
processes, routines and methodology. 

• Training delivery and workshops on DevOps across Scandinavia 

• Packaged experience and tooling into a model to support 
organizations that want to go DevOps! 



For more information: 

Sales Norway +47 21 544100 
Sales Denmark +45 77 99 32 12 
Sales Sweden +46 8 20 95 00 
https://www.redpill-linpro.com/solutions/devops 


